4

I'm a freshmen in cryptography and want to know more about IV reversing. There's a lot of posts about finding the passphrase with a new IV. But what about the other situation? This is for educational purposes.

I have a cypher text : 

cY1Y1VPXbhUqzYLIOVR0RhUXD5l+dmymBfr1vIKlyqD8KqHUUp2I3dhFXgASdGWzRhOdTj8WWFTJ PK0k/GDEVUBDCk1MiB8rCmTZluVHImczlOXEwJSUEgwDHA6AbiCwyAU58e9j9QbN+HwEm1TPKHQ6 JrIOpdFWoYjS+cUCZfo/85Lqi26Gj7JJxCDF8PrBp/EtHLmmTmaAVWS0ID2cJpdmNDl54N7tg5TF TrdtcIplc1tDvoCLFPEomNa5booC

The corresponding plain text : 

Marvin: "I am at a rough estimate thirty billion times more intelligent than you. Let me give you an example. Think of a number, any number."
Zem: "Er, five."
Marvin: "Wrong. You see?"

And the passphrase : 

AQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRqrHB0eHyA=

I looked here and here but haven't found what I need.

How can I use those to find the IV? The IV length is unknown.

Community
  • 1
Platonium
  • 43
  • 5
  • Do you mean the key or IV? – RoraΖ Sep 30 '15 at 15:56
  • I mean the IV. But if you can got both easily it's ok too ! – Platonium Sep 30 '15 at 16:03
  • 1
    Usually the algorithm and mode of operation is known in advance. Was AES / CBC mode used for this encryption (don't let us try all posibilities!)? Note that your passphrase does not seem to be a passphrase, it looks quite a lot like a base 64 encoded key value. Keys are binary, passphrases are text. – Maarten Bodewes Sep 30 '15 at 16:31
  • For CBC mode, the IV length is the same as the block length. Since the block length of AES is always 16 bytes (128 bits) that is your IV length, – Xander Sep 30 '15 at 16:32
  • Come on man, for real ? Asking for other peoples to solve the chall for you ? At least, link the credits ! --"

    https://www.root-me.org/en/Challenges/Cryptanalysis/Initialisation-Vector Btw, the value given isn't the flag, pfew ! (well, not hardcoded at least...)     – Laluka Jan 10 '18 at 07:03

1 Answers1

3

Its AES in CBC mode with PKCS#7 padding.

The IV in CBC is XOR'ed with the plaintext. This results in the following value in hexadecimals:

043e1e461f5d6563503050155d7f5b5d

and "Marvin: \"I am at" is:

4d617276696e3a20224920616d206174

so the IV will be the two values XOR'ed:

495f6c3076335f4372797074305f3a29
Maarten Bodewes
  • 4,562
  • 15
  • 29